Ohio man charged for Anonymous-sponsored attacks on police websites

Federal authorities have charged a second man with carrying out website attacks that exposed the names and personal information belonging to police officers. The accused are allegedly members of CabinCr3w, an offshoot of the Anonymous hacking collective.

It's stories like these that make me very seriously worry that for all the gusto that Anonymous claims to have and all the good intentions it tries to project, these actions will result in a tighter, more locked down, more censored, and ultimately less private internet for us all.

It's stories like these that make me very seriously worry that for all the gusto that Anonymous claims to have and all the good intentions it tries to project, these actions will result in a tighter, more locked down, more censored, and ultimately less private internet for us all.

That's just what I don't understand, I mean supposedly there are quite a few intelligent people in Anon. You would think one would figure this out.

Sorry a bunch of angry hackers isn't going to change the world, it requires a bit more than that.

So while they continue to protest, the .gov's of the world pass more and more restrictions.

It's stories like these that make me very seriously worry that for all the gusto that Anonymous claims to have and all the good intentions it tries to project, these actions will result in a tighter, more locked down, more censored, and ultimately less private internet for us all.

That's just what I don't understand, I mean supposedly there are quite a few intelligent people in Anon. You would think one would figure this out.

Sorry a bunch of angry hackers isn't going to change the world, it requires a bit more than that.

So while they continue to protest, the .gov's of the world pass more and more restrictions.

Funny, most of these guys go out of their way to cover their IP tracks yet, in the end, fall victim to their own bragging and need for attention. What respectable hacker uses Twitter anyway? "Hey everybody, I'm so 133t. Now, watch as I incriminate myself..."

Semi-related are the 80+ bomb alerts that have been issued at the U. of Pittsburgh over the last couple of weeks. The culprit is using an anonymous remailer (http://www.post-gazette.com/stories/loc ... ts-631734/) but it's only a matter of time before the big boys find a small slip up and get this guy.

As a criminal, you have to be right every time, the cops only have to get it right once.

For being so anonymous they don't try very hard to hide who they are... really, using a neighbor's wifi??? Using a Twitter account from a church... well, at least they are starting to make it easy for the cops... morons.

For being so anonymous they don't try very hard to hide who they are... really, using a neighbor's wifi??? Using a Twitter account from a church... well, at least they are starting to make it easy for the cops... morons.

And I am also sure they will just roll over on each other. Juvenile Operations & Behavior... bye bye guys, have fun in your Federal Vacation Spa.

It's stories like these that make me very seriously worry that for all the gusto that Anonymous claims to have and all the good intentions it tries to project, these actions will result in a tighter, more locked down, more censored, and ultimately less private internet for us all.

That's just what I don't understand, I mean supposedly there are quite a few intelligent people in Anon. You would think one would figure this out.

Sorry a bunch of angry hackers isn't going to change the world, it requires a bit more than that.

So while they continue to protest, the .gov's of the world pass more and more restrictions.

They are not protesters but vandals. They just give the government a perfect excuse to impose more strict laws. These so-called hackers do harm to ordinary internet users.

There are other ways to protest other than hacking. Look what wikipedia and other sites did to protest ACTA. No hacking was needed and it made a difference. Some governments didn't sign ACTA as a result.

I still can't believe that there are sites out there that have that type of data (ESPECIALLY for police officers) that allow SQL injection attacks to be successful. Seriously, the head of IT, the web designer and developer for those PD's should be locked up for criminal stupidity. SQL injection has been an issue for long enough that they should have known almost a decade ago that their site wouldn't stand up to those types of attacks, and should have fixed them in the meantime. Maybe, hopefully, now they will get on the case and fix the stupid.

I really wonder if many of these hackers are suffering from a kind of mental illness. I am not suggesting all of them would fall into my pseudo-psychological diagnosis. What kind of hero looks good to a socially awkward or Asperger's-suffering individual? Well it is not like they are going to seek to emulate athletic feats. It is not like they have the charisma to enter the political sphere and inspire hope and change. I am guessing they don't have any real religious affiliation, so it is not like they can try to be like the "saints" of old.

How easy would it be for someone like this to see hackers as their brand of celebrity. It is their way of being cool and, as a nice incentive, all this garbage about the hackers making it a better world might appeal to their desire to do something that matters.

Problem is, reality is cold and harsh and does not give a crap. I could be completely wrong in my pseudo-diagnosis, but I imagine it would be easy for such individuals to be manipulated into thinking they are doing something noble which will get them into a ton of trouble.

I really wonder if many of these hackers are suffering from a kind of mental illness. I am not suggesting all of them would fall into my pseudo-psychological diagnosis. What kind of hero looks good to a socially awkward or Asperger's-suffering individual?

Mental illness is a bit too far, but Asperger's doesn't seem too far off the mark. Stay at home, take out their single-minded interest on a goal.

I really wonder if many of these hackers are suffering from a kind of mental illness. I am not suggesting all of them would fall into my pseudo-psychological diagnosis. What kind of hero looks good to a socially awkward or Asperger's-suffering individual? Well it is not like they are going to seek to emulate athletic feats. It is not like they have the charisma to enter the political sphere and inspire hope and change. I am guessing they don't have any real religious affiliation, so it is not like they can try to be like the "saints" of old.

How easy would it be for someone like this to see hackers as their brand of celebrity. It is their way of being cool and, as a nice incentive, all this garbage about the hackers making it a better world might appeal to their desire to do something that matters.

Problem is, reality is cold and harsh and does not give a crap. I could be completely wrong in my pseudo-diagnosis, but I imagine it would be easy for such individuals to be manipulated into thinking they are doing something noble which will get them into a ton of trouble.

Yea, the mental illness they are suffering from is called 'being young and stupid'

Not helping the stereotype that all computer hackers are socially awkward pimply nerds. Yikes.

I especially loved the irony of this quote from that article:

Quote:

haha they wont ever find me, im too awesome Trust me, I wouldnt have gotten away with as much as I have if I wasnt careful enough to make sure I dont get caught Im like the gingerbread man, no one can catch me

Guess he never read the whole Gingerbread Man story. Now he doesn't have to.

Funny, most of these guys go out of their way to cover their IP tracks yet, in the end, fall victim to their own bragging and need for attention. What respectable hacker uses Twitter anyway? "Hey everybody, I'm so 133t. Now, watch as I incriminate myself..."

You can easily anonymize your connection before using Twitter, and before creating the email account that you linked to Twitter, and before creating the Twitter account. If you do that then it can't be traced back to you. Apparently this guy was dumb enough to brag of hacks on his Twitter feed without anonymizing the connections first AND without even using anonymous wi-fi in some coffee shop across town. IIRC Sabu made a similar mistake with IRC, but at least it was a mistake (although I think anyone who hacks from your own house is an idiot, but fortunately it makes it that much easier for the good guys to catch them). It seems that this guy didn't even bother to try to scrub his connections, or he was too stupid to do it correctly.

As others have said, being a script kiddie doesn't make you a hacker. It might get you busted on hacking charges, but it doesn't mean that you have any sort of real skill. In short, this guy was just an idiot.

Funny, most of these guys go out of their way to cover their IP tracks yet, in the end, fall victim to their own bragging and need for attention. What respectable hacker uses Twitter anyway? "Hey everybody, I'm so 133t. Now, watch as I incriminate myself..."

You can easily anonymize your connection before using Twitter, and before creating the email account that you linked to Twitter, and before creating the Twitter account. If you do that then it can't be traced back to you. Apparently this guy was dumb enough to brag of hacks on his Twitter feed without anonymizing the connections first AND without even using anonymous wi-fi in some coffee shop across town. IIRC Sabu made a similar mistake with IRC, but at least it was a mistake (although I think anyone who hacks from your own house is an idiot, but fortunately it makes it that much easier for the good guys to catch them). It seems that this guy didn't even bother to try to scrub his connections, or he was too stupid to do it correctly.

As others have said, being a script kiddie doesn't make you a hacker. It might get you busted on hacking charges, but it doesn't mean that you have any sort of real skill. In short, this guy was just an idiot.

You seem to have overlooked making sure to use a dead-end email service, like spaminator, and making sure to use an anonymizing service like TOR, in conjunction with spoofing your IP in the first place. I'm sure I'm overlooking another level of protection, but the point should be clear: the methods you describe, by themselves, are only mitigating factors. There are other tools to use as well to make it harder, and in the case of IP spoofing, even making packets arrive at two separate end-points entirely.

Funny, most of these guys go out of their way to cover their IP tracks yet, in the end, fall victim to their own bragging and need for attention. What respectable hacker uses Twitter anyway? "Hey everybody, I'm so 133t. Now, watch as I incriminate myself..."

You can easily anonymize your connection before using Twitter, and before creating the email account that you linked to Twitter, and before creating the Twitter account. If you do that then it can't be traced back to you. Apparently this guy was dumb enough to brag of hacks on his Twitter feed without anonymizing the connections first AND without even using anonymous wi-fi in some coffee shop across town. IIRC Sabu made a similar mistake with IRC, but at least it was a mistake (although I think anyone who hacks from your own house is an idiot, but fortunately it makes it that much easier for the good guys to catch them). It seems that this guy didn't even bother to try to scrub his connections, or he was too stupid to do it correctly.

As others have said, being a script kiddie doesn't make you a hacker. It might get you busted on hacking charges, but it doesn't mean that you have any sort of real skill. In short, this guy was just an idiot.

You seem to have overlooked making sure to use a dead-end email service, like spaminator, and making sure to use an anonymizing service like TOR, in conjunction with spoofing your IP in the first place. I'm sure I'm overlooking another level of protection, but the point should be clear: the methods you describe, by themselves, are only mitigating factors. There are other tools to use as well to make it harder, and in the case of IP spoofing, even making packets arrive at two separate end-points entirely.

IMO, as great as TOR is, its very use will flag you if they get your ISP's cooperation (assuming you are using it to commit a crime). It's like encrypting a torrent transmission. Yes, they will not see the actual content, but your ISP can easily flag it as a torrent transmission based on other easily identifiable patterns. All law enforcement needs is a lead (whether advertising your actions on Twitter like this bozo did or chatting with the wrong guy on IRC). I think there is very little you can do to hide your tracks these days with ad-hoc attacks such as these. Eventually they'll get to you...

Funny, most of these guys go out of their way to cover their IP tracks yet, in the end, fall victim to their own bragging and need for attention. What respectable hacker uses Twitter anyway? "Hey everybody, I'm so 133t. Now, watch as I incriminate myself..."

You can easily anonymize your connection before using Twitter, and before creating the email account that you linked to Twitter, and before creating the Twitter account. If you do that then it can't be traced back to you. Apparently this guy was dumb enough to brag of hacks on his Twitter feed without anonymizing the connections first AND without even using anonymous wi-fi in some coffee shop across town. IIRC Sabu made a similar mistake with IRC, but at least it was a mistake (although I think anyone who hacks from your own house is an idiot, but fortunately it makes it that much easier for the good guys to catch them). It seems that this guy didn't even bother to try to scrub his connections, or he was too stupid to do it correctly.

As others have said, being a script kiddie doesn't make you a hacker. It might get you busted on hacking charges, but it doesn't mean that you have any sort of real skill. In short, this guy was just an idiot.

You seem to have overlooked making sure to use a dead-end email service, like spaminator, and making sure to use an anonymizing service like TOR, in conjunction with spoofing your IP in the first place. I'm sure I'm overlooking another level of protection, but the point should be clear: the methods you describe, by themselves, are only mitigating factors. There are other tools to use as well to make it harder, and in the case of IP spoofing, even making packets arrive at two separate end-points entirely.

IMO, as great as TOR is, its very use will flag you if they get your ISP's cooperation (assuming you are using it to commit a crime). It's like encrypting a torrent transmission. Yes, they will not see the actual content, but your ISP can easily flag it as a torrent transmission based on other easily identifiable patterns. All law enforcement needs is a lead (whether advertising your actions on Twitter like this bozo did or chatting with the wrong guy on IRC). I think there is very little you can do to hide your tracks these days with ad-hoc attacks such as these. Eventually they'll get to you...

While those are valid points...

1) They need to identify you in order to know what ISP, where, when, etc. to ask for that cooperation. By definition, you've already been caught, and now they're just strengthening evidence.

2) Sure, encrypting the torrent stream is potentially identifiable, but "downloading an encrypted torrent" is not a crime, and "downloading an encrypted torrent" is the very definition of circumstantial evidence, which means nothing without noncircumstantial evidence to prove it means something. "This IP downloaded this torrent" combined with "this user downloaded an encrypted torrent" is simply insufficient to make a conclusion. By all means, prove that the encrypted information you can't identify was the same torrent that IP downloaded, now prove that out of over seven billion people in the world that none of them spoofed my IP.

Is it enough to make them look closer? Sure. But it's not enough to actually do anything (at least not constitutionally; if it's politically convenient to accept the MAFIAA's assertions about piracy and the economy, they could easily declare you a terrorist and just disappear you without charge or trial, thanks to the 2012 Defense Authorization Act).

Problem is, reality is cold and harsh and does not give a crap. I could be completely wrong in my pseudo-diagnosis, but I imagine it would be easy for such individuals to be manipulated into thinking they are doing something noble which will get them into a ton of trouble.

Yeah, just look what happened to the Lone Gunmen (and I'm not referring to the show being cancelled after only 12 episodes). They just got too close to the truth and had to be eliminated. Watch your ass, dude!

1) They need to identify you in order to know what ISP, where, when, etc. to ask for that cooperation. By definition, you've already been caught, and now they're just strengthening evidence.

Why? I think you've conveniently forgotten that fiasco involving a major telecom in San Francisco and CIA equipment within that facility monitoring all incoming and outgoing packets. The government can do that at whim.

Quote:

2) Sure, encrypting the torrent stream is potentially identifiable, but "downloading an encrypted torrent" is not a crime, and "downloading an encrypted torrent" is the very definition of circumstantial evidence, which means nothing without noncircumstantial evidence to prove it means something. "This IP downloaded this torrent" combined with "this user downloaded an encrypted torrent" is simply insufficient to make a conclusion. By all means, prove that the encrypted information you can't identify was the same torrent that IP downloaded, now prove that out of over seven billion people in the world that none of them spoofed my IP.

Look at my above comment. You don't need to commit a crime in order to be monitored. It's just whether or not you possess any data of "value" that is the major determinant factor.

Quote:

Is it enough to make them look closer? Sure. But it's not enough to actually do anything (at least not constitutionally; if it's politically convenient to accept the MAFIAA's assertions about piracy and the economy, they could easily declare you a terrorist and just disappear you without charge or trial, thanks to the 2012 Defense Authorization Act).

The Patriot Act had those implementations in place thanks to Ashcroft & Co. You don't need to skewer Obama with your conservative agenda.

Funny, most of these guys go out of their way to cover their IP tracks yet, in the end, fall victim to their own bragging and need for attention. What respectable hacker uses Twitter anyway? "Hey everybody, I'm so 133t. Now, watch as I incriminate myself..."

You can easily anonymize your connection before using Twitter, and before creating the email account that you linked to Twitter, and before creating the Twitter account. If you do that then it can't be traced back to you. Apparently this guy was dumb enough to brag of hacks on his Twitter feed without anonymizing the connections first AND without even using anonymous wi-fi in some coffee shop across town. IIRC Sabu made a similar mistake with IRC, but at least it was a mistake (although I think anyone who hacks from your own house is an idiot, but fortunately it makes it that much easier for the good guys to catch them). It seems that this guy didn't even bother to try to scrub his connections, or he was too stupid to do it correctly.

As others have said, being a script kiddie doesn't make you a hacker. It might get you busted on hacking charges, but it doesn't mean that you have any sort of real skill. In short, this guy was just an idiot.

You seem to have overlooked making sure to use a dead-end email service, like spaminator, and making sure to use an anonymizing service like TOR, in conjunction with spoofing your IP in the first place. I'm sure I'm overlooking another level of protection, but the point should be clear: the methods you describe, by themselves, are only mitigating factors. There are other tools to use as well to make it harder, and in the case of IP spoofing, even making packets arrive at two separate end-points entirely.

I didn't neglect mentioning Tor. I said "anonymize the connection," which TOR is one way of doing. It's not the only way, which is why I didn't mention it by name.

You don't use IP spoofing for anonymity. Sure, it makes you anonymous, but it also keeps any return packets from being able to reach you. That makes it useless for anything that requires SYN/ACK packets (any TCP) or any other communication that requires a response. IP spoofing is mostly useful for DoS attacks (sending data meant for you to someone else) or hacking through a firewall (tricking an improperly configured firewall into letting a packet with a spoofed internal IP through), etc.

As for those who don't like Tor because it shows you're using encryption, well, imho it doesn't really matter. Encryption is all over the Internet. Even China can't focus in on everyone using it. Even if a Western government expected you were using it for hacking they couldn't prove it. For countries like Iran and China that's a different situation, of course. Using Tor is itself illegal. Fortunately most readers here don't have to worry about that yet.

The Patriot Act had those implementations in place thanks to Ashcroft & Co. You don't need to skewer Obama with your conservative agenda.

Correct. There are plenty of other reasons to skewer Obama with my liberal agenda (e.g., promising to end the wars in the middle east, closing Guantanamo Bay, prosecuting banksters and executives of the General Services Administration, ending the war on drugs -- and the war on sick people who use cannabis as medicine, etc., etc. etc.).

1) They need to identify you in order to know what ISP, where, when, etc. to ask for that cooperation. By definition, you've already been caught, and now they're just strengthening evidence.

Why? I think you've conveniently forgotten that fiasco involving a major telecom in San Francisco and CIA equipment within that facility monitoring all incoming and outgoing packets. The government can do that at whim.

Quote:

2) Sure, encrypting the torrent stream is potentially identifiable, but "downloading an encrypted torrent" is not a crime, and "downloading an encrypted torrent" is the very definition of circumstantial evidence, which means nothing without noncircumstantial evidence to prove it means something. "This IP downloaded this torrent" combined with "this user downloaded an encrypted torrent" is simply insufficient to make a conclusion. By all means, prove that the encrypted information you can't identify was the same torrent that IP downloaded, now prove that out of over seven billion people in the world that none of them spoofed my IP.

Look at my above comment. You don't need to commit a crime in order to be monitored. It's just whether or not you possess any data of "value" that is the major determinant factor.

Quote:

Is it enough to make them look closer? Sure. But it's not enough to actually do anything (at least not constitutionally; if it's politically convenient to accept the MAFIAA's assertions about piracy and the economy, they could easily declare you a terrorist and just disappear you without charge or trial, thanks to the 2012 Defense Authorization Act).

The Patriot Act had those implementations in place thanks to Ashcroft & Co. You don't need to skewer Obama with your conservative agenda.

1) Read my post history, I'm far from conservative, and I'm certainly not letting the regime of Bush-the-Lesser off the hook.

2) The PATRIOT ACT allowed those actions overseas and against foreign nationals (though its unconstitutionality was far from limited to just those parts). The 2012 Defense Authorization Act allows those actions against US citizens on US soil.

For the record, both Bush-the-Lesser and Obama are lying sacks of corporate shit, don't take the fact that I criticized law passed by one as condoning the actions of the other.

As to the SanFran telecom, I actually missed that story, do you have a link to it? As to the assertion that they need to identify you, they do. They need to identify whose information they want to look at. Scouring all of that data before they know what or who they're looking for is more than slightly complex and time consuming, even with some levels of automation.

Read my own comment from the post you quoted. I never said it wasn't enough to make you look interesting enough to look closer at, I only said it's insufficient for any actual action. Even if they have an IP and an encrypted torrent connection, they still need to prove the content of the encrypted torrent.

I still can't believe that there are sites out there that have that type of data (ESPECIALLY for police officers) that allow SQL injection attacks to be successful. Seriously, the head of IT, the web designer and developer for those PD's should be locked up for criminal stupidity. SQL injection has been an issue for long enough that they should have known almost a decade ago that their site wouldn't stand up to those types of attacks, and should have fixed them in the meantime. Maybe, hopefully, now they will get on the case and fix the stupid.

Of course it's the victim's fault.

That's what you said when the girl was raped because she wasn't trained in self-defense and couldn't rebuff her attacker, right? Rape has been around forever and if women haven't figured it out yet, they are just "stupid". Look, it doesn't bother me if you leave your door unlocked at night -- if a thief steals your stuff it's still his fault.

I still can't believe that there are sites out there that have that type of data (ESPECIALLY for police officers) that allow SQL injection attacks to be successful. Seriously, the head of IT, the web designer and developer for those PD's should be locked up for criminal stupidity. SQL injection has been an issue for long enough that they should have known almost a decade ago that their site wouldn't stand up to those types of attacks, and should have fixed them in the meantime. Maybe, hopefully, now they will get on the case and fix the stupid.

Of course it's the victim's fault.

That's what you said when the girl was raped because she wasn't trained in self-defense and couldn't rebuff her attacker, right? Rape has been around forever and if women haven't figured it out yet, they are just "stupid". Look, it doesn't bother me if you leave your door unlocked at night -- if a thief steals your stuff it's still his fault.

Let's keep the blame squarely where it belongs, OK?

Comparing a woman being raped and blaming it on lack of self-defense training is not even close to a reasonable comparison to getting robbed when you left the house unlocked.

My father left the door wide open while I was at basic training, and someone waltzed right in and picked up the boxes of my things he had left on the living room floor, including a PS3 box visible from that front door. Is it the thief's fault for stealing it? Absolutely. Is it my father's fault the thief had such a bloody easy time stealing it? Damn right it is. Shutting and locking a door is not rocket science, nor is it an unreasonable expectation.

SQL injection is not really any different. Vulnerabilities are patched, and best practices have existed for years, and leaving it open is no different than leaving that house unlocked. Is the criminal still at fault for the crime? Of course, but the sysadmin/homeowner is still to blame, at least partially, for making it so bloody easy to do.

If you truly don't understand this, then I encourage you to leave your home and car unlocked in The Bronx in NYC, or Springfield or Holyoke in Massachusetts. See how far that gets you.